CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 0CVE-2016-5301
https://notcve.org/view.php?id=CVE-2016-5301
The parse_chunk_header function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service (crash) via a crafted (1) HTTP response or possibly a (2) UPnP broadcast. La función parse_chunk_header en libtorrent en versiones anteriores a 1.1.1 permite a atacantes remotos provocar una denegación de servicio (caída) a través de (1) una respuesta HTTP o posiblemente (2) una difusión UPnP manipuladas. • http://lists.opensuse.org/opensuse-updates/2016-06/msg00079.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00103.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00043.html http://www.openwall.com/lists/oss-security/2016/06/04/9 http://www.openwall.com/lists/oss-security/2016/06/05/1 http://www.securityfocus.com/bid/91498 https://github.com/arvidn/libtorrent/issues/780 https://github.com/arvidn/libtorrent/pull/782/files • CWE-20: Improper Input Validation •
CVSS: 5.8EPSS: 0%CPEs: 4EXPL: 1CVE-2009-1760
https://notcve.org/view.php?id=CVE-2009-1760
Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge Torrent, and other applications, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) and partial relative pathname in a Multiple File Mode list element in a .torrent file. Vulnerabilidad de salto de directorio en src/torrent_info.cpp en Rasterbar libtorrent anteriores a v0.14.4, utilizado en firetorrent, qBittorrent, deluge Torrent, y otras aplicaciones, permite a los atacantes remotos crear o sobrescribir archivos arbitrarios a través de .. (punto punto) y ruta relativa parciales en una elemento lista Modo archivo múltiple en un archivo . torrent. • http://census-labs.com/news/2009/06/08/libtorrent-rasterbar http://secunia.com/advisories/35277 http://secunia.com/advisories/35848 http://security.gentoo.org/glsa/glsa-200907-14.xml http://sourceforge.net/project/shownotes.php?group_id=79942&release_id=686456 http://www.debian.org/security/2009/dsa-1815 http://www.mandriva.com/security/advisories?name=MDVSA-2009:139 http://www.securityfocus.com/archive/1/504151/100/0/threaded http://www.securityfocus.com/bid/35262 http:/ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •